Hi everyone,

SSH login to the same Cisco switch works with a locally configured user account --> I see "Switch enable access granted by PacketFence" (I'm not sure how/where this is configured), but trying to use an AD-authenticated userID is failing.

I'm seeing the following errors in the RADIUS log when I try to configure a Cisco 2900 switch for basic RADIUS authentication (CLI access):

Jun 6 08:40:05 pktf01 auth[50767]: (48) rest: ERROR: {"control:PacketFence-Authorization-Status":"allow","Reply-Message":"User has no role defined in PacketFence to allow switch login (SWITCH_LOGIN_READ or SWITCH_LOGIN_WRITE)"}
Jun 6 08:40:05 pktf01 auth[50767]: [mac:] Rejected user: useridXXXXX
Jun 6 08:40:05 -pktf01 auth[50767]: (48) Rejected in post-auth: [a useridXXXXX ] (from client A.B.C.D/32 port 2)
Jun 6 08:40:05 pktf01 auth[50767]: (48) Login incorrect (rest: Server returned:): [ useridXXXXX ] (from client A.B.C.D/32 port 2)

I can confirm now via pftest that the account does authenticate via LDAP and matches the authentication rule for contexts admin & portal:

Authenticating against 'AD-IT-Network' in context 'admin'
Authentication SUCCEEDED against AD-IT-Network (Authentication successful.)
Matched against IT-Network for 'authentication' rule IT-Network-Admins-Authentication
set_role : Corp-User
set_access_duration : 3h
Matched against AD-IT-Network for 'administration' rule IT-Network-Admins-Authorization
set_access_level : ALL

Authenticating against 'AD-IT-Network' in context 'portal'
Authentication SUCCEEDED against AD-IT-Network (Authentication successful.)
Matched against AD-IT-Network for 'authentication' rule IT-Network-Admins-Authentication
set_role : Corp-User
set_access_duration : 3h
Matched against AD-IT-Network for 'administration' rule IT-Network-Admins-Authorization
set_access_level : ALL

Please help -- the documentation is really unclear on this, or I'm not finding the right section =(

_______________________________________________
PacketFence-users mailing list
https://lists.sourceforge.net/lists/listinfo/packetfence-users